account hijacking
Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts
Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. …
OkCupid account hijackings highlight website account management issues
Users of popular dating site OkCupid have been complaining of hackers taking over their account, locking them out by changing the associated email address and password, and …
Verizon details breaches they were called in to investigate
If at all possible, organizations like to keep details of the breaches they suffered under wraps, mostly to safeguard their reputation and to minimize legal trouble. As …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
AT&T sued for enabling SIM swap fraud
A cryptocurrency investor is suing AT&T because criminals were able to empty his accounts through SIM swap fraud (aka account port out fraud), even though he had already …
Theft of user accounts on cryptocurrency exchanges is soaring
Within a year, the number of data leaks from cryptocurrency exchanges soared by 369%, Group-IB researchers have found, and the US, Russia and China are the countries where …
Telegrab: Russian malware hijacks Telegram sessions
Researchers have discovered and analyzed an unusual piece of malware that, among other things, seeks to collect cache and key files from end-to-end encrypted instant messaging …
Malware leverages web injects to empty users’ cryptocurrency accounts
Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with …
BEC scammers actively targeting Fortune 500 companies
Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found. Their strategy is …
1.4 billion unencrypted credentials found in interactive database on the dark web
A data dump containing over 1.4 billion email addresses and clear text credentials is offered for download in an underground community forum. What’s so special about …
UK shipbroker Clarksons refuses to pay hackers ransom for stolen data
London-based shipbroking firm Clarksons has suffered a data breach and refuses to pay the attackers to prevent the stolen data from being publicly released. About the …
The tools criminals use to prepare a stolen iPhone for resale
Reselling stolen mobile phones is a lucrative business all over the globe, and iPhones are very much in demand. Whether lost or stolen, the iPhones are often locked by their …
Featured news
Resources
Don't miss
- CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
- Windows 11 quick machine recovery: Restoring devices with boot issues
- Two things you need in place to successfully adopt AI
- Exegol: Open-source hacking environment
- Only 2-5% of application security alerts require immediate action